Strix
26.1K

CVE-2023-4828

MEDIUMCVSS 4.2/10EPSS 0.30%

Last modified

CVE-2023-4828 is a medium-severity vulnerability rated 4.2/10 on the CVSS scale. An improper check for an exceptional condition in the Insider Threat Management (ITM) Server could be used by an attacker to change the server's configuration of any already-registered agent so that the agent sends all future communications to an attacker-chosen URL. This could result in disclosure of sensitive data events from the agent about the personally identifiable information (PII) and intellectual property it monitors, and all such data could be altered or deleted before reaching the ITM Server. EPSS estimates a 0.30% chance of exploitation in the next 30 days.

Description

An improper check for an exceptional condition in the Insider Threat Management (ITM) Server could be used by an attacker to change the server's configuration of any already-registered agent so that the agent sends all future communications to an attacker-chosen URL. This could result in disclosure of sensitive data events from the agent about the personally identifiable information (PII) and intellectual property it monitors, and all such data could be altered or deleted before reaching the ITM Server. An attacker must first successfully obtain valid agent credentials and agent hostname. All versions prior to 7.14.3.69 are affected.

Metrics

CVSS 3.1
4.2/10

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N

EPSS Probability
0.30%

21.4th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

VendorProductVersions
ProofpointInsider Threat Management< 7.14.3.69

References

Timeline

Published
Last Modified
Status
Modified

Frequently Asked Questions

What is CVE-2023-4828?
An improper check for an exceptional condition in the Insider Threat Management (ITM) Server could be used by an attacker to change the server's configuration of any already-registered agent so that the agent sends all future communications to an attacker-chosen URL. This could result in disclosure of sensitive data events from the agent about the personally identifiable information (PII) and intellectual property it monitors, and all such data could be altered or deleted before reaching the ITM Server. An attacker must first successfully obtain valid agent credentials and agent hostname. All versions prior to 7.14.3.69 are affected.
How severe is CVE-2023-4828?
CVE-2023-4828 has a CVSS score of 4.2/10 (MEDIUM severity). The EPSS model estimates a 0.30% probability of exploitation in the next 30 days.
How do I fix CVE-2023-4828?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2023-4828?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST